Privacy & Security
Effective date: January 2, 2026
1. Your Data Belongs to You
At Visuelife, we believe your calendar and personal notes are yours. We never sell your data. All information you enter is stored securely and is only accessible by you.
2. What We Collect
- Account Information: Your name and email address (for login and communication)
- Health Data: Blood pressure, heart rate, blood glucose, and other vital measurements you choose to track
- Nutrition Data: Meal records, food photos, and nutritional information from your meal logging
- Activity Data: Calendar entries, events, and daily activities you record
- Mood Tracking: Your mood check-ins and emotional well-being notes throughout the day
- Goals & Habits: Your personal goals, habit tracking data, progress notes, and completion records
- Tasks: Your to-do lists, task descriptions, and completion status
- Financial Data: Income and expense records, transaction descriptions, and budget information
- Time Tracking: Project time entries, work sessions, and productivity data
- Voice Data: Voice recordings from Vizy (our AI assistant), transcripts, and AI-generated responses
- Location Data: City-level location for weather context (we use "When In Use" permission with kilometer-level accuracy, not exact GPS coordinates)
- Weather Data: Historical weather information associated with your daily activities
- AI Reports: Generated insights and personalized analysis of your life patterns
- Payment Information: If you subscribe to the Plus plan (handled securely via our payment processor, never stored on our servers)
All personal data listed above is encrypted at rest in our database and only accessible by you.
3. How We Use Your Data
- To provide your personalized life tracking and visualization experience
- To generate AI-powered insights and reports about your health, nutrition, habits, and life patterns
- To analyze meal photos and provide nutritional information
- To process voice commands through Vizy (our AI assistant)
- To show weather context for your activities and calendar
- To track your goals, habits, tasks, and time entries
- To respond to support requests and improve our service
- To send optional updates and account-related notifications
We never use your data for advertising, and we never sell your data to third parties.
4. How We Protect Your Data
Your health data, personal information, and activity records are protected using multiple layers of enterprise-grade security:
- Comprehensive Encryption at Rest: All sensitive personal data is encrypted in our database using industry-standard AES encryption algorithms. This includes:
  - Personal information (name, email, health conditions, blood type)
  - Health measurements and device information
  - All meal titles, descriptions, and nutritional data
  - Mood check-ins and emotional well-being notes
  - Goals, goal notes, habits, and habit notes
  - Tasks and task descriptions
  - Financial records (income/expense names, descriptions, categories)
  - Time tracking entries (project names, descriptions, session metadata)
  - Voice recordings, transcripts, and AI conversations
  - AI report content and structured analysis data
  - Support request details and notes

  Even if our database were compromised, your data would be completely unreadable without the encryption keys.
- Encryption in Transit: All data transmitted between your device and our servers is encrypted using HTTPS/TLS 1.3 protocols, preventing interception or eavesdropping.
- Secure File Storage: Photos, voice recordings, and file attachments are stored on enterprise cloud storage (AWS S3) with server-side encryption and strict access controls.
- Account Protection: Your account is protected with:
  - Strong password requirements (uppercase, lowercase, numbers, special characters)
  - Automatic account lockout after failed login attempts
  - Cryptographically secure JWT authentication tokens
  - Email verification for new accounts
  - Secure password reset via time-limited codes
- Attack Prevention: We employ rate limiting, automated threat detection, and security monitoring to prevent brute-force attacks, credential stuffing, SQL injection, XSS attacks, and other malicious activities.
- Audit Logging: All access to sensitive data is logged with complete audit trails for security monitoring, compliance, and incident response.
- Privacy by Design: Location data is stored at city level only (not exact GPS coordinates), ensuring your precise location remains private while still providing weather context.
- Regular Security Reviews: We continuously monitor and update our security measures, apply security patches promptly, and follow industry best practices to protect against emerging threats.
Our security measures are designed to meet healthcare data protection standards and comply with regulations like HIPAA and GDPR. We take data protection seriously because we know you're trusting us with your most personal information.
5. Third-Party Services
We use carefully selected, trusted third-party services to provide certain features. All service providers are GDPR-compliant and bound by strict data processing agreements:
- OpenAI & Anthropic (Claude): For AI meal photo analysis, AI report generation, and Vizy voice assistant responses. Your data is sent to these services only for processing and is not used for training their models.
- Apple WeatherKit: For weather data based on city-level location (not exact GPS coordinates).
- AWS S3: For encrypted storage of photos, voice recordings, and file attachments with server-side encryption.
- Payment Processors: For handling Plus plan subscriptions (payment information is never stored on our servers).
- Email Service (Mailjet): For sending account-related emails, password resets, and optional notifications.
- Apple HealthKit: If you choose to sync health data, this is handled entirely on your device; we only receive data you explicitly choose to share.
These services do not have access to your encrypted personal data unless specifically required for the feature they provide (e.g., AI analysis). We never sell or share your data for advertising purposes.
6. Your Rights
You may request a copy of your data or delete your account at any time by contacting us. We will honor all requests within 30 days.
7. Cookies
We use essential cookies to keep you signed in. We do not use advertising or tracking cookies.
8. Updates
We may update this Privacy Policy. If we do, we'll notify you via email or in-app notification.
9. Contact Us
If you have any questions or concerns, please email us at hi@visuelife.com.